A vulnerability in Ravencoin (RVN) resulted in the unsanctioned minting of about 1.5% of its maximum supply of 21 billion RVN. 

The exploit was disclosed by Recencoin on Friday after initial reports were confirmed, but details remain fuzzy as the investigation is still underway. About 315 million RVN were minted, worth about $5.7 million at current prices.

Ravencoin said it notified law enforcement in hopes of catching the unknown perpetrators of the exploit, though given the nature of the bug, no money was directly stolen. Instead, the losses were spread over all RVN holders as extra inflation, which amounts to about 5% of the currently circulating supply.

The team confirmed that the extra RVN was already exchanged, making any kind of remediation effort difficult. Miners and nodes must now upgrade to a new fixed version to prevent further exploits.

According to unconfirmed rumors on the community’s Discord, the bug existed since October and involves a wallet bug. 

Concerns were raised by the community that this was due to ProgPow, the controversial Ethereum-born mining algorithm that was recently adopted by Ravencoin. However, a team member said that the issue was from “an innocuous [Github pull request] from somewhere else.”

Following the post-mortem and successful mitigation of the bug, the community will need to decide how to deal with the vulnerability. The team suggested to anticipate a planned halving in 44 days to compensate for the extra supply of tokens, though the community may also decide to leave everything as is.